Re: [Spud] [Privsec-program] Detecting and Defeating TCP/IP Hypercookie Attacks

Eliot Lear <> Tue, 02 August 2016 07:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5DE0B12B008 for <>; Tue, 2 Aug 2016 00:47:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -15.807
X-Spam-Status: No, score=-15.807 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id CBCNepS00eT6 for <>; Tue, 2 Aug 2016 00:47:46 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 64D6712B035 for <>; Tue, 2 Aug 2016 00:47:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=8696; q=dns/txt; s=iport; t=1470124065; x=1471333665; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=V6qDePNefp4Ux7wV5w/ZQVGtRAEtoguez/TgYK39z/c=; b=Qhn3/KoUMkOT25IRcvboqJCokrzwxnbXD7/lJKXpA0OmJfc/+QdXt/x5 HJuJQlUuA3GdSzWJzwgE9Araq3sCbdYaIiS5737Inl5duYqG8WP8p933f 6vipH6uf1D1+1ptCEMAPRrtC5WaNCAe+gvuS1hGu1Gj7Pl1uqFrxt+bI3 o=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DICACQT6BX/xbLJq1chEW0dIcDgmaDN?= =?us-ascii?q?wKCAwEBAQEBAV4nhF8BBAEjVgULCwQ+AgJXBgEMCAEBiCUIsQSQBwEBAQEBAQE?= =?us-ascii?q?BAQEBAQEBAQEBAQEBAQ4OiCIIgk2EDIM1gloBBJkzgzqBcIlVgWuEWoMOhWyQJ?= =?us-ascii?q?1SCEhyBTjqISQEBAQ?=
X-IronPort-AV: E=Sophos;i="5.28,459,1464652800"; d="asc'?scan'208,217";a="639025745"
Received: from (HELO ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Aug 2016 07:47:43 +0000
Received: from [] ([]) by (8.14.5/8.14.5) with ESMTP id u727lgje025530; Tue, 2 Aug 2016 07:47:42 GMT
To: Tom Herbert <>, Spencer Dawkins at IETF <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
From: Eliot Lear <>
Message-ID: <>
Date: Tue, 2 Aug 2016 09:47:41 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="0OI3i50SweanneBI5S5p1Mk5MkbReBWGx"
Archived-At: <>
Cc: Brian Trammell <>, Stephan Neuhaus <>, spud <>, =?UTF-8?Q?Mirja_K=c3=bchlewind?= <>, Stephen Farrell <>
Subject: Re: [Spud] [Privsec-program] Detecting and Defeating TCP/IP Hypercookie Attacks
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 02 Aug 2016 07:47:47 -0000

Hi Tom,

On 8/1/16 10:06 PM, Tom Herbert wrote:

> TOU will negotiate a session identifier (similar to connection
> identifier) in QUIC. With this the TCP endpoints no longer use the
> 5-tuple to identifier the connection, they use the session identifier.
> This provides unambiguous connection identification that is
> independent of addresses or encapsulating UDP ports (the most
> immediate problem this resolves is NAT state remapping). Strong
> security is required to prevent connection hijacking and there are a
> couple of other caveats. Please look as section 3 in
> draft-herbert-transports-over-udp for details.

TOU is similar in many ways to what HIP did in the early days, and the
HIP developers had a pretty cool demo of it.  The threats we faced back
then were nowhere near as advanced as they are today, nor are they as
prevalent.  There is not a single platform upon which you base your
software that hasn't been attacked successfully, although some have been
attacked more regularly than others.

Let me be as clear as I possibly can be: I view a protocol that doesn't
offer an answer to the question “who initiated the communication” as
unsafe to be deployed on the Internet.  I will make another bet with
you, that at least half of your user base is running on old code with
known vulnerabilities.  This is even more critical on battery-powered
constrained devices, where a broad-scaled and sustained DDoS attack
could drain those batteries and harm a lot of people, in a short period
of time.

If there are tradeoffs to be made in mobility design because of this,
then those tradeoffs should be made.  But before you view it in that
light, lengthy research has demonstrated that RF requires repeated
selection queries to determine what is available.  That is the work done
by SCTP researchers such as Randy Stewart, and so mobility isn't being
traded off at all.**

You are seeking formal agreement of network behavior.  I am seeking an
answer to my question.  If we formalize the answer to that question,
then you have what you want and I have what I want.  I've been told that
QUIC has such an answer to my question, which is good.
I'd like to understand how that is accomplished in a secure manner. 
Certainly integrity protecting the 5-tuple and any sequence #s sounds
like a good idea, to say the least, if it can be efficiently accomplished.